Programmer Think

welpwn The topic is attacking and defending the world. Check the flow protection program first It's like a stack overflow, but there's no overflow. Then look at the echo function A little reverse, we can find that there is an array inside eval, which puts the first 16 of the previously read 0x400 bytes into s2. But it was launched when ...

2022 3.6 0 Beginning Trash Finally, the vegetable chicken's diary has been updated. This time it is a bit long. Teachers who want to see something useful can skip the catalog directly. I haven't written a diary for a long time. Did the chicken give up? Not really. Only chicken and vegetable have a new understanding of their dishes. jpg, d ...

summary   as a trainee who has studied for less than a year, I took part in the national competition for the first time this year. I thought the title would be gentle, but I only made one pwn question in the end. Originally, there were two pwn questions, but I still lacked some knowledge or skills. I didn't do it, and then it was over ...

Stack position in memory Operating system kernel Stack area: the place where local variables are stored during program operation Grow down (high – > low) Shared library mapping area: when a program is dynamically linked, its dependent libraries will be mapped to this area Heap area: malloc or new applies for new space, whic ...

1 _dl_runtime_resolve entry _ dl_runtime_resolve is implemented by assembly in glibc, in which the 32-bit entry point is / sysdeps / i386 / dl trampoline S. 64 bit entry point in / sysps_ 64/dl-trampoline. S. This paper mainly analyzes the 32-bit source code, version 2.23. From glibc online source website https://elixir.bootlin.com/glibc/ ...

Method 1: get Canary by overwriting truncated characters principle Canary's low byte is designed to be \ x00, which is intended to prevent Canary from being read directly by read, write and other functions. The value of Canary can be read out by overwriting the low \ x00 through stack overflow. From the above analysis, we can sort out th ...

summary Continue the learning record of TryHackMe. This time, the target is The Cod Caper, and the content is from Web vulnerability exploitation to buffer overflow. After starting the target, the IP address of the target is 10.10 one hundred and sixty-two point one seven seven Port scan nmap port scan found 2 ports open nmap -Pn --o ...

The first time to start the kernel problem depends on the reproduction of fmyy master's blog. After the reproduction, I have a general understanding of the use of uaf in the kernel. Problem solving steps: 1. Write a blog with a short talk. The topic gives us a compressed package and decompresses it. It is found that there is no vmlinux. Therefo ...

  after three days of hard work (fishing and paddling √), WMCTF 2021 is finally over, and our Mengxin experience team has also achieved the top 30 results with the joint efforts of everyone, which is really beyond my expectation. However, for our first game, the results are the most important aspect. The seriousness and concentration ...